Browse > Article

Data Flow Analysis of Secure Information-Flow in Core Imperative Programs  

신승철 (동양대학교 컴퓨터공학부)
변석우 (경성대학교 컴퓨터과학)
정주희 (경북대학교 수학교육)
도경구 (한양대학교 전자컴퓨터공학부)
Publication Information
Journal of KIISE:Software and Applications / v.31, no.5, 2004 , pp. 667-676 More about this Journal
Abstract
This paper uses the standard technique of data flow analysis to solve the problem of secure information-flow in core imperative programs. The existing methods tend to be overly conservative, giving “insecure” answers to many “secure” programs. The method described in this paper is designed to be more precise than previous syntactic approaches. The soundness of the analysis is proved.
Keywords
Secure information-flow; static analysis; data flow analysis;
Citations & Related Records
연도 인용수 순위
  • Reference
1 J.A. Goguen and J. Meseguer, Unwinding and inference control, In Proc. IEEE Symposium on Security and Privacy, pages 75-86, 1984
2 A. Sabelfeld and A.C. Myers, Language-based information-flow security, IEEE Journal on Selected Areas in Communications, To apper, 2002   DOI   ScienceOn
3 A. Sabelfeld and D. Sands, A PER model of secure information flow in sequential programs, Higher-Order and Symbolic Computations, 14:59-91, 2001   DOI
4 F. Nielson, H.R. Nielson and C. Hankin, Principles of Program Analysis, Springer, 1999
5 D.E. Denning, A lattice model of secure information flow, 19(5): 236-243, 1976   DOI   ScienceOn
6 D. Volpano, G. Smith, A type-based approach to program security, In TAPSOFT'97, the 7th International Conference on Theory and Practice of Software Development, Lecture Notes in Computer Science, pages 607-621, Springer-Verlag, 1997   DOI   ScienceOn
7 D.E. Denning and P.J. Denning, Certification of programs for secure information flow, Communication of the ACM, 20(7):504-512, 1977   DOI   ScienceOn
8 M. Mizuno and D.A. Schmidt, A security flow control algorithm and its denotational semantics correctness proof, Formal Aspects of Computing, 4:722-754, 1992
9 G.R. Andrews and R.P. Reitman, An axiomatic approach to information flow in programs, ACM Transactions on Programming Languages and Systems, 21(1):56-76, 1980   DOI
10 J.-P. Banatre, C. Bryce, and D. Metayer, Compile-time detection of information flow in sequential programs, In D. Gollmann, editor, Computer Security - ESORICS'94, the 3rd European Symposium on Research in Computer Security, Lecture Notes in Computer Science, volume 875, pages 55-73, Springer-Verlag, 1997   DOI   ScienceOn
11 D. Volpano, G. Smith and C. Irvine, A sound type system for secure information flow, Journal of Computer Security, 4:1-21, 2001
12 R. Joshi and K.R.M. Leino, A semantic approach to secure information flow, Science of Computer Programming, 37:113-138, 2000   DOI   ScienceOn